package org.springframework.cloud.vault.config;

import java.net.URI;
import java.time.Duration;
import java.util.List;
import java.util.Objects;
import java.util.function.Supplier;
import org.springframework.cloud.client.ServiceInstance;
import org.springframework.cloud.vault.config.VaultProperties;
import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.lang.Nullable;
import org.springframework.scheduling.TaskScheduler;
import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
import org.springframework.util.StringUtils;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.authentication.LifecycleAwareSessionManager;
import org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport;
import org.springframework.vault.authentication.SessionManager;
import org.springframework.vault.authentication.SimpleSessionManager;
import org.springframework.vault.authentication.event.AuthenticationEventMulticaster;
import org.springframework.vault.client.ClientHttpRequestFactoryFactory;
import org.springframework.vault.client.RestTemplateBuilder;
import org.springframework.vault.client.RestTemplateCustomizer;
import org.springframework.vault.client.RestTemplateFactory;
import org.springframework.vault.client.RestTemplateRequestCustomizer;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.client.VaultEndpointProvider;
import org.springframework.vault.core.VaultOperations;
import org.springframework.vault.core.lease.SecretLeaseContainer;
import org.springframework.vault.support.ClientOptions;
import org.springframework.vault.support.SslConfiguration;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/springframework/cloud/vault/config/VaultConfiguration.class */
/**
 * Factory methods that turn {@link VaultProperties} into the client-side objects used to talk
 * to Vault: TLS settings, HTTP request factory, endpoint, REST template builder, session
 * manager, lease container and scheduler.
 *
 * <p>This listing is decompiler output. Per the JADX markers, the class, its constructor and
 * every method except {@code customizeContainer} were package-private in the original class
 * and were widened to {@code public} by the decompiler.
 */
public final class VaultConfiguration {
    /** Bound configuration that every instance factory method reads from. */
    private final VaultProperties vaultProperties;

    /**
     * Creates a configuration helper over the given properties.
     *
     * @param vaultProperties the Vault client properties; stored as-is, not validated here
     */
    public VaultConfiguration(VaultProperties vaultProperties) {
        this.vaultProperties = vaultProperties;
    }

    /**
     * Builds the TLS configuration (key store, trust store, protocols, cipher suites) from the
     * {@code ssl} section of the properties.
     *
     * <p>A store that is not configured stays "unconfigured". A store password is only applied
     * when it contains text, and a store type only when one is set.
     *
     * <p>Security notes: the enabled protocols and cipher suites are passed through exactly as
     * configured, with no filtering in this method. The passwords arrive as property strings,
     * so converting them to {@code char[]} here does not remove the original string from
     * memory.
     *
     * @param ssl the SSL properties to translate
     * @return the resulting {@link SslConfiguration}
     */
    public static SslConfiguration createSslConfiguration(VaultProperties.Ssl ssl) {
        SslConfiguration.KeyStoreConfiguration keyStoreConfig = SslConfiguration.KeyStoreConfiguration.unconfigured();
        SslConfiguration.KeyStoreConfiguration trustStoreConfig = SslConfiguration.KeyStoreConfiguration.unconfigured();

        if (ssl.getKeyStore() != null) {
            if (StringUtils.hasText(ssl.getKeyStorePassword())) {
                keyStoreConfig = SslConfiguration.KeyStoreConfiguration.of(
                        ssl.getKeyStore(), ssl.getKeyStorePassword().toCharArray());
            } else {
                keyStoreConfig = SslConfiguration.KeyStoreConfiguration.of(ssl.getKeyStore());
            }
            if (StringUtils.hasText(ssl.getKeyStoreType())) {
                keyStoreConfig = keyStoreConfig.withStoreType(ssl.getKeyStoreType());
            }
        }

        if (ssl.getTrustStore() != null) {
            if (StringUtils.hasText(ssl.getTrustStorePassword())) {
                trustStoreConfig = SslConfiguration.KeyStoreConfiguration.of(
                        ssl.getTrustStore(), ssl.getTrustStorePassword().toCharArray());
            } else {
                trustStoreConfig = SslConfiguration.KeyStoreConfiguration.of(ssl.getTrustStore());
            }
            if (StringUtils.hasText(ssl.getTrustStoreType())) {
                trustStoreConfig = trustStoreConfig.withStoreType(ssl.getTrustStoreType());
            }
        }

        return new SslConfiguration(
                keyStoreConfig, trustStoreConfig, ssl.getEnabledProtocols(), ssl.getEnabledCipherSuites());
    }

    /**
     * Creates the HTTP request factory used for Vault calls, applying the configured connection
     * and read timeouts (milliseconds) and the TLS settings from
     * {@link #createSslConfiguration(VaultProperties.Ssl)}.
     *
     * @return a request factory built from the current properties
     */
    public ClientHttpRequestFactory createClientHttpRequestFactory() {
        Duration connectionTimeout = Duration.ofMillis(this.vaultProperties.getConnectionTimeout());
        Duration readTimeout = Duration.ofMillis(this.vaultProperties.getReadTimeout());
        ClientOptions clientOptions = new ClientOptions(connectionTimeout, readTimeout);
        SslConfiguration sslConfiguration = createSslConfiguration(this.vaultProperties.getSsl());
        return ClientHttpRequestFactoryFactory.create(clientOptions, sslConfiguration);
    }

    /**
     * Resolves the Vault endpoint from static configuration: the {@code uri} property wins when
     * it has text, otherwise host, port and scheme are used.
     *
     * <p>Security note: the scheme is taken verbatim from configuration; this method does not
     * require {@code https}, so a plaintext endpoint is accepted if one is configured.
     *
     * @return the configured endpoint
     */
    public VaultEndpoint createVaultEndpoint() {
        String configuredUri = this.vaultProperties.getUri();
        if (!StringUtils.hasText(configuredUri)) {
            VaultEndpoint endpoint = new VaultEndpoint();
            endpoint.setHost(this.vaultProperties.getHost());
            endpoint.setPort(this.vaultProperties.getPort());
            endpoint.setScheme(this.vaultProperties.getScheme());
            return endpoint;
        }
        return VaultEndpoint.from(URI.create(configuredUri));
    }

    /**
     * Resolves the Vault endpoint for a discovered service instance.
     *
     * <p>Host and port come from the instance. The scheme is chosen in this order: the
     * instance's {@code "scheme"} metadata entry if present, else {@code "https"} when the
     * instance reports itself as secure, else the scheme from the configured URI or scheme
     * property.
     *
     * <p>Security note: the metadata entry takes precedence over both
     * {@code serviceInstance.isSecure()} and the locally configured scheme, so a registry entry
     * advertising {@code "http"} produces a plaintext endpoint even when the local
     * configuration says {@code https}. Host, port and scheme are therefore only as trustworthy
     * as the service registry; write access to registry metadata should be restricted
     * accordingly.
     *
     * @param serviceInstance the discovered Vault instance
     * @return the endpoint to use for that instance
     */
    public VaultEndpoint createVaultEndpoint(ServiceInstance serviceInstance) {
        // Resolve the fallback first, as the original does, so an invalid configured URI
        // still fails here regardless of what the instance metadata contains.
        String fallbackScheme;
        if (StringUtils.hasText(this.vaultProperties.getUri())) {
            fallbackScheme = URI.create(this.vaultProperties.getUri()).getScheme();
        } else {
            fallbackScheme = this.vaultProperties.getScheme();
        }

        VaultEndpoint endpoint = VaultEndpoint.create(serviceInstance.getHost(), serviceInstance.getPort());

        String resolvedScheme;
        if (serviceInstance.getMetadata().containsKey("scheme")) {
            resolvedScheme = serviceInstance.getMetadata().get("scheme");
        } else if (serviceInstance.isSecure()) {
            resolvedScheme = "https";
        } else {
            resolvedScheme = fallbackScheme;
        }
        endpoint.setScheme(resolvedScheme);
        return endpoint;
    }

    /**
     * Assembles a {@link RestTemplateBuilder} with the given request factory and endpoint
     * provider, registers every customizer, and adds the {@code X-Vault-Namespace} default
     * header when a namespace is configured.
     *
     * @param clientHttpRequestFactory the HTTP request factory to use
     * @param vaultEndpointProvider supplies the Vault endpoint
     * @param list REST template customizers, applied in list order
     * @param list2 request customizers, applied in list order
     * @return the configured builder
     */
    public RestTemplateBuilder createRestTemplateBuilder(ClientHttpRequestFactory clientHttpRequestFactory, VaultEndpointProvider vaultEndpointProvider, List<RestTemplateCustomizer> list, List<RestTemplateRequestCustomizer<?>> list2) {
        RestTemplateBuilder builder = RestTemplateBuilder.builder()
                .requestFactory(clientHttpRequestFactory)
                .endpointProvider(vaultEndpointProvider);

        // Bound method references null-check the receiver when they are created, which is
        // what the explicit Objects.requireNonNull calls in the decompiled form expressed.
        list.forEach(builder::customizers);
        list2.forEach(builder::requestCustomizers);

        String namespace = this.vaultProperties.getNamespace();
        if (StringUtils.hasText(namespace)) {
            builder.defaultHeader("X-Vault-Namespace", namespace);
        }
        return builder;
    }

    /**
     * Creates the session manager that holds the Vault login token.
     *
     * <p>With session lifecycle management enabled, a {@link LifecycleAwareSessionManager} is
     * returned, using a fixed-timeout refresh trigger built from the configured
     * refresh-before-expiry and expiry-threshold values. Otherwise a
     * {@link SimpleSessionManager} is returned and neither the scheduler supplier nor the REST
     * template factory is invoked.
     *
     * @param clientAuthentication the login mechanism
     * @param supplier supplies the scheduler; only called when lifecycle is enabled
     * @param restTemplateFactory creates the REST template; only called when lifecycle is enabled
     * @return the session manager
     */
    public SessionManager createSessionManager(ClientAuthentication clientAuthentication, Supplier<TaskScheduler> supplier, RestTemplateFactory restTemplateFactory) {
        VaultProperties.SessionLifecycle sessionLifecycle = this.vaultProperties.getSession().getLifecycle();
        if (sessionLifecycle.isEnabled()) {
            TaskScheduler scheduler = supplier.get();
            return new LifecycleAwareSessionManager(
                    clientAuthentication,
                    scheduler,
                    restTemplateFactory.create(),
                    new LifecycleAwareSessionManagerSupport.FixedTimeoutRefreshTrigger(
                            sessionLifecycle.getRefreshBeforeExpiry(), sessionLifecycle.getExpiryThreshold()));
        }
        return new SimpleSessionManager(clientAuthentication);
    }

    /**
     * Creates the container that tracks secret leases.
     *
     * <p>If the session manager can multicast authentication events, the container's
     * authentication listener and authentication-error listener are registered with it. The
     * configured lifecycle settings are then applied through {@code customizeContainer}.
     *
     * @param vaultOperations Vault operations used by the container
     * @param supplier supplies the scheduler for the container
     * @param sessionManager the session manager, may be {@code null}
     * @return the configured lease container
     */
    public SecretLeaseContainer createSecretLeaseContainer(VaultOperations vaultOperations, Supplier<TaskScheduler> supplier, @Nullable SessionManager sessionManager) {
        VaultProperties.ConfigLifecycle configLifecycle = this.vaultProperties.getConfig().getLifecycle();
        SecretLeaseContainer container = new SecretLeaseContainer(vaultOperations, supplier.get());

        if (sessionManager instanceof AuthenticationEventMulticaster) {
            AuthenticationEventMulticaster multicaster = (AuthenticationEventMulticaster) sessionManager;
            multicaster.addAuthenticationListener(container.getAuthenticationListener());
            multicaster.addErrorListener(container.getAuthenticationErrorListener());
        }

        customizeContainer(configLifecycle, container);
        return container;
    }

    /**
     * Creates the scheduler used for Vault background work: a pool of two daemon threads whose
     * names start with {@code Spring-Cloud-Vault-}.
     *
     * @return a new, configured (not yet initialized here) scheduler
     */
    public static ThreadPoolTaskScheduler createScheduler() {
        ThreadPoolTaskScheduler scheduler = new ThreadPoolTaskScheduler();
        scheduler.setThreadNamePrefix("Spring-Cloud-Vault-");
        scheduler.setDaemon(true);
        scheduler.setPoolSize(2);
        return scheduler;
    }

    /**
     * Applies the optional lease lifecycle settings to the container. Nothing is changed when
     * lifecycle management is disabled; otherwise each of min-renewal, expiry-threshold and
     * lease-endpoints is set only when it is non-null.
     *
     * @param configLifecycle the configured lifecycle settings
     * @param secretLeaseContainer the container to customize
     */
    static void customizeContainer(VaultProperties.ConfigLifecycle configLifecycle, SecretLeaseContainer secretLeaseContainer) {
        if (!configLifecycle.isEnabled()) {
            return;
        }
        if (configLifecycle.getMinRenewal() != null) {
            secretLeaseContainer.setMinRenewal(configLifecycle.getMinRenewal());
        }
        if (configLifecycle.getExpiryThreshold() != null) {
            secretLeaseContainer.setExpiryThreshold(configLifecycle.getExpiryThreshold());
        }
        if (configLifecycle.getLeaseEndpoints() != null) {
            secretLeaseContainer.setLeaseEndpoints(configLifecycle.getLeaseEndpoints());
        }
    }
}
